Lucene search

PRIOn knowledge basePRION:CVE-2022-46898

HistoryJul 25, 2023 - 8:15 p.m.

Path traversal

2023-07-2520:15:00

PRIOn knowledge base

www.prio-n.com

path traversal

vocera report server

voice server 5.x

sql data

websocket function

database restoration

zip archive

sanitized filename

sql import file

directory escape

vulnerability

crafted zip archive

sql commands

database

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.2%

JSON

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the “restore SQL data” filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database.

CPENameOperatorVersion
report_serverge5.0.0
report_serverle5.8.0.135
voice_serverge5.0.0
voice_serverle5.8.0.135

Name	Operator	Version
report_server	ge	5.0.0
report_server	le	5.8.0.135
voice_server	ge	5.0.0
voice_server	le	5.8.0.135

References

www.stryker.com/us/en/about/governance/cyber-security/product-security/

www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html